ESG Federation Trust Roots

This page is the central source for all ESG Federation trust root information. It provides a distribution of all trust roots that need to be trusted by Gateways and Data Nodes that participate in the ESG Federation.

PKI Trust Roots

These are a collection of CA certificates that are trusted by ESG Federation services
Show Trusted CA Certificates

Using PKI Trust Roots: Trusted CA Certificates

This section will briefly discuss how to consume the above tarball archive. First of course it must be downloaded and the md5sum should be verified to match the above listing. After that, it should be extracted to a temporary directory and the contents copied over to /etc/grid-security/certificates. An example of command used to do this could look something like this:

Using PKI Trust Roots: The TrustStore

In order to use the above provided trust store, it must be configured for your java environment (which can be done in a number of ways). Assuming you’re using tomcat, it should be downloaded and referenced from your tomcat configuration as shown below. If you’re using it from another Java application, see the command line configuration below that.
Either way, start by downloading the trust store file and verifying the md5sum:

In tomcat, to configure the usage of a particular trust store file, you need to modify the $CATALINA_HOME/conf/server.xml file. Find the relevant connector section and edit it by adding in the paths to the trust store and keystore used. An example section looks like this:

After making this configuration change, you need to stop and start Tomcat by running the $CATALINA_HOME/bin/catalina.sh script.
For other command line Java applications, to configure the usage of a particular trust store, you need to modify the $JAVA_OPTS environment variable to include a pointer to the new trust store. An example of this is shown here: